A CONTRIBUTORS file is easy to change by anyone hosting the repository - it's useless for the purpose of verification, unless you have a toolchain to verify each change to said file. "Sign-offs by maintainers" is not useful either unless you already know who the maintainers are, and you are kept up to date (by a trusted source) when the maintainers change. This is what Radicle does, for free, when you clone a repo.
All good points, but now you moved the trust requirement from me having to trust the people working on the code, to me having to trust the tool that hosts the code. I'm not convinced your model is better. :P
I don't know, for me when I get involved with a project, I'm more likely to be aware of the people involved with it than the place where they host it.
I understand that the disruption Radicle wants to bring is to divorce projects from their developers, but that sounds so foreign to me, that I can't wrap my head around it. I can see its use in some cases: abandoned projects, unethical behaviour from maintainers, but not to the extent where a new platform is required.
Maybe that's why I'm being such a Negative Nancy. I hope u/cloudhead didn't consider my replies too aggressive. :)